USBcat - Towards an Intrusion Surveillance Toolset

Chris Chapman
(Royal Military College of Canada, Electrical and Computer Engineering Department, Kingston, Canada)
Scott Knight
(Royal Military College of Canada, Electrical and Computer Engineering Department, Kingston, Canada)
Tom Dean
(Queen's University, Electrical and Computer Engineering Department, Kingston, Canada)

This paper identifies an intrusion surveillance framework which provides an analyst with the ability to investigate and monitor cyber-attacks in a covert manner. Where cyber-attacks are perpetrated for the purposes of espionage, the ability to understand an adversary's techniques and objectives is an important element in network and computer security. With the appropriate toolset, security investigators would be permitted to perform both live and stealthy counter-intelligence operations by observing the behaviour and communications of the intruder. Subsequently, a more complete picture of the attacker's identity, objectives, capabilities, and infiltration could be formulated than is possible with present technologies. This research focused on developing an extensible framework to permit the covert investigation of malware. Additionally, a Universal Serial Bus (USB) Mass Storage Device (MSD) based covert channel was designed to enable remote command and control of the framework. The work was validated through the design, implementation and testing of a toolset.

In Joaquin Garcia-Alfaro and Gürkan Gür: Proceedings 2014 International Workshop on Advanced Intrusion Detection and Prevention (AIDP 2014), Marrakesh, Morocco, June 2014, Electronic Proceedings in Theoretical Computer Science 165, pp. 31–43.
Published: 13th October 2014.

ArXived at: https://dx.doi.org/10.4204/EPTCS.165.3